Pros and cons of implementing ISO 17799 for the company project
ISO 17799 is a widely adopted information security standard (renumbered ISO/IEC 27002 in 2007). It is a code of practice: it sets out the controls, procedures and processes an organization should document to protect its information. The standard is written in general terms, so it has to be interpreted for each organization, and it is intended to apply to organizations of any size as long as they face information security risks. It describes what a firm should have in place for its information security rather than prescribing a single implementation. Implementing ISO 17799 in the Dalton, Walton and Calton Inc. project therefore has both advantages and disadvantages for the company (Calder, 2007, p. 92).
Dalton, Walton and Calton Inc. has been experiencing repeated information security problems, so implementing ISO 17799 is a reasonable step. The standard requires the company to document its security policies and procedures, which gives staff a defined way of working. If implemented, it would instil disciplines such as risk management and record keeping, which would be a significant benefit to the company. It would also make the exchange of information more efficient: people work better within a well-structured, orderly framework because far less is left to guesswork. It provides methods and tools that give management and users a shared responsibility for the actions they take (Peltier, 2002, p. 78), since it gives individuals a basis on which to argue for good practice. Because the company is small, the standard could be implemented simply and absorbed by employees without much difficulty. A successful implementation would be a worthwhile investment, because it helps justify resource requests and drives improvement in security management. The standard is detailed and offers substantial guidance on how things should be done; for example, it describes the structure and content an information security policy ought to have. This is the more technical side of ISO 17799. It would help protect confidentiality by restricting access to confidential information to authorized persons, and availability by ensuring that information is there when authorized personnel need it (Burgess, 2004, p. 388).
Implementing ISO 17799 on its own does not produce a management system that can receive a certificate of conformity from a third party. Although it provides guidance on best practice, it sets no specific requirements for auditing the management system, so there is no certificate of conformance to the code of practice; certification is only available against the companion specification, ISO 27001. ISO 17799 also gives limited guidance on risk assessment, which is an essential part of developing the project's risk assessment. Implementation takes a great deal of time, because documentation is slow, so the company would get little else done while it is in progress (Tiller, 2001, p. 76). The standard is limited to information security and addresses only that issue; it is not integrated into a wider information governance framework. Once it has been implemented, the documentation burden makes day-to-day work tedious. Implementation also depends heavily on managing people and their reactions to change, which can be difficult, and it diverts valuable resources from other work. ISO 17799 is costly to put in place because of its requirements. Dalton, Walton and Calton is currently facing budget constraints, so implementing and maintaining ISO 17799 would be very expensive for it (Peltier, 2004, p. 98).
References

Burgess, M. (2004). Principles of network and system administration. Chichester: Wiley.
Calder, A. (2007). Information security risk management for ISO27001 / ISO17799. Ely: IT Governance Publishing.
Peltier, T. (2002). Information security policies, procedures, and standards: guidelines for effective information security management. Boca Raton: Auerbach.
Peltier, T. (2004). Information and risk analysis. U.S.: POA Publishers.
Tiller, J. (2001). Analyzing business information systems. New York: Cambridge.